February 1, 2011

AALL: Network Neutrality Update - January 2011

David Badertscher

Network Neutrality (Net neutrality) is a principle that expresses the concept that all Internet traffic must be treated equally regardless of possible economic and other incentives to do otherwise. The American Association of Law Libraries (AALL) strongly supports Net neutrality and is a member of Save the Internet Coalition and the Open Internet, both working to bring together individuals, non-profit organizations, businesses, and bloggers who strongly support this principle.

As part of its leadership role in raising and clarifying issues related to Network Neutrality, AALL prepared a Network Neutrality Issue Brief, published in December 2008. Since that time there has been sufficient debate, discussion, rule changes (both actual and proposed), and litigation surrounding this issue to make it necessary for AALL to update its 2008 Network Neutrality Issue Brief, resulting in the 2011 AALL Network Neutrality Issue Brief linked to below.

The updated AALL Network Neutrality Issue Brief (January 2011) was prepared by Ryan Saltz, AALL Government Relations Committee (2008-2010) and Ryan Harrington, Reference Library at Yale Law School under the auspices of the Government Relations Office and the Government Relations Committee, both of AALL. This update contains important current information and commentary on Network Neutrality and is recommended reading for all who have any involvement, no matter how minor, in internet-related issues.

AALL Network Neutrality Issue Brief 2011 Update

For more information on the background of Network Neutrality see the posting "Network Neutrality: Some Background and Perspectives", posted August 20, 2010 on this blog.


February 1, 2011

Internet Society Statement on Egypt's Internet Shutdown

Source: The Internet Society Newsletter Volume 10 Number 1 January 2011.

On 28 January, Lynn St. Amour, President and CEO, and the Internet Society Board of Trustees issued a statement on Egypt's Internet shutdown:

"We are following the current events in Egypt with concern as it appears that all incoming and outgoing Internet traffic has been disrupted. The Internet Society believes that the Internet is a global medium that fundamentally supports opportunity, empowerment, knowledge, growth, and freedom and that these values should never be taken away from individuals.

"The Internet Society considers this recent action by the Egyptian government to block Internet traffic to be an inappropriate response to a political crisis. It is a very serious decision for a government to block all Internet access in its country, and a serious intrusion into its citizens' basic rights to communicate. If the blockage continues, it will have a very detrimental impact on Egypt's economy and society. Ultimately, the Egyptian people and nation are the ones that will suffer, while the rest of the world will be worse off with the loss of Egyptian voices on the net"

For the complete statement, see:

http://isoc.org/wp/newsletter/?p=3091&utm_source=nl&utm_medium=txt&utm_campaign=201101

For a Q&A on the shutdown, its impact, and implications see:

http://isoc.org/wp/newsletter/?p=3100&utm_source=nl&utm_medium=txt&utm_campaign=201101

November 15, 2010

The WWW at 20

November 12, 2010 is the twentieth anniversary of a research proposal that is remaking our world. As Ben Zimmer tells it in his November 14 On Language column, WWW: The 20th Anniversary of a Research Proposal That Remade the Language in the New York Times, Tim Berners-Lee, a British software programmer working at CERN outside Geneva, was attempting to "sketch out a global system for sharing information over the Internet." After submitting a document in 1989 on the topic which generated little interest, Berners-Lee tried again in 1990, collaborating with a Belgian engineer, Robert Cailliau. It was this paper, WorldWideWeb: Proposal for a Hyper Text Project, submitted on November 12, 2010, that is the true basis of the World Wide Web as we know it today. There are a number of articles, papers, and media events commemorating this seminal event, but for a quick read that is also informative, Mr. Zimmer's column in the Sunday November 14, 2010 New York Times comes highly recommended.

David Badertscher

October 21, 2010

Social Media are Affecting the Way We Hear About Death: Police Grapple With Issue

On social media bad news spreads quickly.

When off-duty Baltimore Police Detective Brian Stevenson was killed Saturday night after being struck in the head by a piece of concrete, word spread quickly through police circles and spilled onto Facebook, where the officer's young daughter learned of his death before relatives could break it to her in person.

See complete article by Justin Fenton in the October 20, Baltimore Sun.

October 18, 2010

Leading Executives in the Legal Research Industry Join Bloomberg Law

Lou Andreozzi and Larry D. Thompson to Lead Expansion of Bloomberg’s Web-Based Legal Platform

New York, October 18, 2010 – Bloomberg today announced that Lou Andreozzi has joined the Company as chairman of Bloomberg Law and Larry D. Thompson, PhD, has joined as chief operating officer. Andreozzi and Thompson will play key leadership roles in the growth of Bloomberg Law, the innovative real-time legal research system from the world leader in data and information services.

In his new role, Andreozzi will provide strategic leadership for Bloomberg Law aimed at driving the platform’s expansion in the legal research industry. He is widely recognized as a leader in the field of legal research, most recently serving as CEO of IQNavigator, Inc., and is a former CEO of LexisNexis North American Legal Markets.

Thompson will be responsible for the day-to-day operations of Bloomberg Law including go-to-market, sales, content, data and relationships. He most recently was Senior Partner with The Sterling Group 925 LLC, and formerly served as Senior Vice President at LexisNexis.

“Lou Andreozzi and Larry Thompson are among the top executives in the field of legal research and together they bring extraordinary strategic expertise and deep market knowledge to Bloomberg Law,” said Beth Mazzeo, head of Data Products for Bloomberg. “With the recent completion of our successful pilot phase, we are excited to move forward with Lou and Larry at the helm. It is a pleasure to welcome them to Bloomberg Law.”

“Bloomberg Law is breaking new ground in the world of legal research by bringing to lawyers, through the Web, the same innovative technology and analytics that set Bloomberg apart in the financial world,” said Andreozzi. “I am delighted to be part of the team that will take Bloomberg Law to the next level.”

“Bloomberg Law is a formidable product, and I am confident it will change the legal research playing field with its expertise in data, technology and its extraordinary financial news and business analysis,” said Thompson. “Bloomberg Law has the flexibility of a stand-alone product with access to Bloomberg’s world-class resources and delivered to the legal profession in an intuitive interface.”

Constantin Cotzias, who oversaw the successful launch of Bloomberg Law, is returning to London to be part of the senior leadership team in Bloomberg Europe, where he will head Government and Regulatory Affairs and government business development and strategy in Europe. Cotzias played a critical role in shaping Bloomberg Law’s development and the introduction of the platform to over 90 percent of the top 100 U.S. law firms.

In the newly created role, Cotzias will take advantage of Bloomberg’s presence in Europe to expand Bloomberg's Government Affairs division. He will help coordinate the Company’s government affairs efforts around the globe, and will help broaden Bloomberg's product offerings for government. Cotzias' team will monitor government initiatives and public policy development globally, assisting the business team and Bloomberg customers in assessing impact.

Andreozzi spent over 10 years at LexisNexis. As CEO of North American Legal Markets, his portfolio included some of the most prominent legal products and brands including the Lexis online service, Shepard’s, Matthew Bender, Martindale-Hubbell and lawyers.com. Prior to becoming CEO, Andreozzi was General Counsel of LexisNexis.

Most recently, Andreozzi has been serving as president and chief executive officer of IQNavigator, Inc., a leading provider of services spend management software and managed services, and will continue to play a leadership role in the company. He also served as CEO of Inference Data, a leading software-as-a-service provider of solutions for legal data analysis and review. He has been a strategic advisor for ValueAct Capital, The Carlyle Group and Bain Capital on large media and technology deals. Andreozzi is a graduate of Rutgers University and received his JD from the Seton Hall School of Law.

Thompson has more than 25 years of experience as an executive in the legal publishing field, 12 of them with LexisNexis where he rose to the position of Senior Vice President, Business Development, Strategy & Marketing and Global Chief Marketing Officer. Prior to that, Thompson was Vice President for Sales and Marketing at Shepard’s/McGraw-Hill. Most recently, Thompson was Senior Partner with The Sterling Group 925 LLC, a boutique consulting firm that works within legal and professional markets assisting with strategy, sales, marketing, and business development efforts. He received a PhD in Mass Media and an MA in Telecommunications from Michigan State University and a BA from Montana State University.
_______________________
For additional information see: Bloomberg Law Gets LexisNexis Experience by Monica Bay on LTN Law Technology News, October 18, 2010.


September 23, 2010

CLLB Information Security Newsletter

Volume 3 Number 9 September 2010.

September 2010

Detecting and Avoiding Fake Anti-Virus Software

From the Desk of David Badertscher

Your Computer Is Infected with Malware!

You may be familiar with this or similar messages appearing on a website, urging you to take action purportedly designed to clean your allegedly infected computer. Unfortunately, these messages are often scams that attempt to install malicious software (malware) onto your computer. Such software is referred to as rogue (fake) anti-virus malware, and the incidents are increasing. Last year, the FBI reported an estimated loss to victims in excess of $150 million from this type of scam[1].

How can my system get infected?

These types of scams can be perpetrated in a number of ways, including via website pop-up messages, web banner advertisements, spam and posting on social networking sites. Scams are also appearing via the use of “tweeting.” The rogue software scam generally uses social engineering to make the user believe his or her machine is infected and that by taking action (clicking on the link provided) the machine will be cleaned. If you click on the malicious link, you may be downloading malware onto your machine. The names of the fake programs sound legitimate, and often, in a further attempt to make the malware appear legitimate, the programs may prompt you to pay for an annual subscription to the service.

Some varieties of rogue anti-virus programs will also get installed on your machine without any interaction by you: your machine could be compromised just by you visiting a website with a malicious ad or code and you wouldn’t know.

What is the impact from rogue anti-virus software?

Rogue anti-virus software might perform many activities, including installing files to monitor your computer use, stealing credentials, installing backdoor programs, and adding your computer to a botnet. The installation of malware could result in a hijacked browser (i.e., the browser navigates to sites you did not intend), the appearance of new or unexpected toolbars or icons, and sluggish system performance. Another concern related to rogue anti-virus software is the false sense of security you may have, erroneously believing your machine is protected by anti-virus software when in fact it is not.

What can I do to protect my computer?

Applying computer security best practices will help protect your machine and minimize any potential impacts.

1. Don’t click on pop-up ads that advertise anti-virus or anti-spyware programs. If you are interested in a security product, don’t try to access it through a pop-up ad; contact the retailer directly through its homepage, retail outlet or other legitimate contact methods.

2. Don’t download software from unknown sources. Some free software applications may come bundled with other programs, including malware.

3. Use and regularly update firewalls, anti-virus, and anti-spyware programs. Keep these programs updated regularly. Use the auto-update feature if available.

4. Patch operating systems, browsers, and other software programs. Keep your system and programs updated and patched so that your computer will not be exposed to known vulnerabilities and attacks.

5. Regularly scan and clean your computer. Scan your computer with your anti-spyware once a week.

6. Back up your critical files. In the event that your machine becomes infected, having backups of your important files will facilitate recovery.

NOTE: Regarding the above recommendations, many organizations have formal processes that automatically update and patch appropriate software, scan computers and perform file back-ups. In these cases, no end user action is necessary.

For more information, please visit:

Partial Listing of Rogue Security Software: http://en.wikipedia.org/wiki/Rogue_software

Free Security Checks: www.staysafeonline.info/content/free-security-check-ups

Malware: www.onguardonline.gov/topics/malware.aspx

Spyware: www.onguardonline.gov/topics/spyware.aspx

For more monthly cyber security newsletter tips visit:
www.msisac.org/awareness/news/

The above information is from tips provided by the Multi-State Information and Analysis Center (MS-ISAC). To learn more about MS-ISAC go to http://www.msisac.org/ . This information is intended to increase the security awareness of an organization’s end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization’s overall cyber security posture.

MORE NEWS AND INFORMATION:


The Data Liberation Movement
By Rob May
TechNewsWorld
09/17/10 5:00 AM PT

Despite the advanced portability of data, the world's largest cloud computing vendors are fighting to lock their customers within their proprietary formats. But it does not need to be this way. Data liberation is a movement that is gaining momentum among enterprises and cloud vendors alike. These progressive businesses and consumers desire to control their data regardless of its location.

http://www.technewsworld.com/story/The-Data-Liberation-Movement-70844.html


Database Security Survey by Oracle: Budget is Top Concern of Administrators
By Brian Prince on 2010-09-16

Database administrators have a busy job keeping up with the mountains of data being created and managed by enterprises every day. Unfortunately, security can sometimes get the short end of the stick on the list of IT priorities. In its annual survey, the Independent Oracle Users Group discovered many of the issues that database professionals confronted in 2010 are virtually the same as the issues they tackled in 2009. The survey, conducted by Unisphere Research, polled 430 data managers and IT professionals in the user group. The report found a number of problems in how databases are managed, including a lack of monitoring, encryption and user management. These issues impacted database environments both big and small. However, the good news is that the percentage of respondents whose IT security spending went up was greater in 2010 than in past years. So just where should enterprises spend their security money when it comes to databases? The answer is that help is needed in several areas. Here, eWEEK takes a look at what those areas are and how IT managers can deal with these issues.

http://www.eweek.com/c/a/Database/Database-Security-Budget-Top-Admins-Concerns-Oracle-User-Survey-Says-786379/?kc=EWWHNEMNL09212010STR5


Defuse the Data Breach Time Bomb

By Linda McGlasson. Agency Insider Blog of Banking Information Security, September 20, 2010.

It's the hidden data breach threat to which everyone has access, and it is probably very near your own office.
I'm talking about the ubiquitous printer, copier, and fax machine that everyone uses. It's also a ticking time bomb. Last week, the Federal Deposit Insurance Corporation issued new guidance on stopping this risk in the FDIC Bulletin, Guidance on Mitigating Risk Posed by Information Storage on Photocopiers, Fax Machines and Printers (FIL-56-2010), September 15, 2010.

http://blogs.bankinfosecurity.com/posts.php?postID=716&rf=2010-09-23-eb Article.

September 17, 2010

Ten Ways IT Departments May Enable Cybercrime

Kaspersky laboratories has produced a special whitepaper focused on how IT unknowingly enables cybercrime by giving cybercriminals access to systems and data through a series of misconceptions and false assumptions. To view this paper click on the link below:

Ten Ways IT Departments Enable Cybercrime


September 9, 2010

CLLB Information Security Newsletter

Volume 3 number 8 August 2010.

From the Desk of David Badertscher

Protecting Children Online.

What are the threats online?

Children are spending more of their time online than ever before. According to one study, 8-18 year-olds spend an average of 1.5 hours a day using a computer outside of school[1]. As use of the Internet and online technologies becomes more ingrained into our everyday lives, it is important we ensure that our youth understand how to use these powerful tools and how to protect themselves from becoming cyber victims. Children of all ages face online risks, including the following:

· Inappropriate Contact: Children may come in contact with individuals with malicious intent, such as bullies and predators.

· Inappropriate Content: Children may be exposed to inappropriate content while online, such as violent or sexually explicit material.

· Inappropriate Conduct: Children have a sense of anonymity while online and may do things that they would not do when face to face with someone.

· Identity Theft: Because of the perceived sense of anonymity online, children may post personal or identifying information that can then be used by identity thieves.

How do I keep my children safe?

There are steps parents, educators and others who work with children can take to help keep children safe on-line:

· Computer Location: Keep your computer in a central and open location in your home.

· Supervise Access: Supervise computer access for children and monitor the types of sites visited. Consider using parental control tools on your home computer. These tools are provided by some Internet Service Providers or are available for purchase as a separate software package. You may be able to set some parental controls within your browser. As an example, in Internet Explorer click on Tools on your menu bar, select Internet Options, choose the Content tab, and click the Enable button under Content Advisor. (For other browsers, contact the vendor to determine what parental controls are included.)

· Establish Rules: Create guidelines for computer use. Include the amount of time that may be spent online and the type of sites that may be visited. Post these rules near the computer.

· Personal Information: Teach children not to post or share personal information such as their photograph, address, age or activity schedule. Create a safe screen name that does not reveal personal information about the child.

· Web Filtering: Use web filtering software that restricts access to inappropriate websites and content.

· Communication: Maintain an open line of communication. Encourage children to come to you if they feel threatened online.

· Cyberbullying: Teach children not to respond to cyberbullies. Report incidents of cyberbullying to school administrators and local law enforcement when appropriate.

Here are some resources focused on protecting children online.

· NET CETERA: Chatting with Kids About Being Online: http://www.ftc.gov/bcp/edu/pubs/consumer/tech/tec04.pdf

· iKEEPSafe Internet Safety Coalition
http://www.ikeepsafe.org/PRC/

· StaySafeOnline
http://www.staysafeonline.org/content/protect-your-children-online

· GetNetWise
http://kids.getnetwise.org/safetyguide/

· Netsmartz
http://www.netsmartz.org/index.aspx

The above information is from tips provided by the Multi-State Information and Analysis Center (MS-ISAC). To learn more about MS-ISAC go to http://www.msisac.org/

For additional monthly cyber security newsletter tips visit: www.msisac.org/awareness/news/

MORE NEWS AND INFORMATION:

Free Webinar: Hacking Exposed Live! September 2010, 11:00 AM PDT / 2:00 PM EDT

Web 2.0: New avenues for blended attacks

In this FREE webcast, McAfee Senior Systems Engineer, Erik Elsasser will join Hacking Exposed co-author and McAfee Senior Vice President and General Manager, Risk and Compliance, Stuart McClure to analyze the stages of a blended attack. While today's blended attacks use a number of avenues including social media to deliver malicious payload, they often follow a similar pattern. In this webcast, they will discuss and demonstrate the attack stages.

Click here to Register and obtain additional information.

Highlights: Strategic Security Survey: Global Threat, Local Pain
08/30/2010 Highlights of exclusive InformationWeek Analytics research as it appears in "Global Threat, Local Pain," our report assessing whether the high-profile infiltration of corporate networks worldwide (Google China leaps to mind) is forcing execs to reconsider their security strategies and pony up related resources.

White Paper: Cloud Based Security Survey.

Summary:
If you aren’t frightened by the changing threat landscape, you should be. Security threats are on the rise and cybercriminals are finding new ways to take advantage of Web ubiquity to scam users, breach personal information, and steal billions of dollars.

What needs to be done and how? This white paper concludes:

• The threat landscape is changing.
• Existing solutions are no longer enough.
• Large organizations need to join cloud-based security communities.


September 9, 2010

No Crackdown but Questions in Europe About Data Protection and the Cloud

By Alex Williams / September 4, 2010 11:18 PM*

German authorities have recently expressed skepticism about cloud computing and the potential it has for breaking data protection laws.

According to the Information Law Group, there is no imminent danger of a European crackdown, but legal experts are advising international companies to address these potential concerns in their planning and

To see complete article, click here.
______________________________
* Source: Read Write Cloud Channel, Posted by Alex Williams, September 4, 2010.

September 9, 2010

New York: How Fast (Or Slow) Is Your Broadband?

Take a speed test:

According to a recent survey by the Federal Communications Commission (FCC), 4 out of 5 Americans have no idea what the speed of their Internet connection is.

The Center for Technology in Government (CTG) at the University at Albany is partnering with the New York State Office of Cyber Security (OCS) to collect actual broadband speeds from New York State residents. OCS has received funding to carry this out through a grant from the National Telecommunications and Information Administration (NTIA).

New York State is asking residents to take a fast, simple broadband speed test. By taking the speed test at home, you will be getting real-time information about the quality of your broadband connection and better awareness about the speed you need to access content and services over the internet. You will also be supporting New York's effort to accurately map current broadband speeds across the state to help drive future policy decisions and funding. Better broadband means greater opportunities for all New Yorkers.

Let your speed be heard! The speed of our broadband directly impacts what we can do online. Let's join together to do more. Take the speed test at http://www.nyspeedtest.org

Note: We would like to know if any other states have similar programs.
_______________

Source: E-mail from NYLINK, September 9, 2010.

August 20, 2010

Network Neutrality: Some Background and Perspectives (Updated August 26, 2010)

David Badertscher

Introduction

In an August 6, 2010 posting on the AALL Washington Blawg, “As Talks Break Down, What is Next for Neutrality”, Emily Feldman discussed the implication of talks on network neutrality between the Federal Communications Commission (FCC) and stakeholders of network neutrality falling apart, or at least being sidetracked, as part of the fallout from the private proposal presented by Google and Verizon regarding the management and possibly financing of internet traffic. As Ms. Feldman correctly noted, network neutrality is a priority for the American Association of Law Libraries (AALL) because law librarians “are providers, creators and users of digital information, and it is up to law libraries to ensure that everyone has equal access to the information they need”. Although librarians are special stakeholders in issues relating to the nature and the existence of network neutrality due to the nature of their mission, everyone in our society should have special concerns about the outcome of these discussions and debates because of the increasing perception of web based information as increasing in value as a service, and even perhaps as a commodity (or something like a commodity).

The above considerations have inspired me to create a new posting to update information previously posted on this blog about network neutrality and also to incorporate new discussion about what network neutrality is, providing some added information to help bring the recent FCC, Google, Verizon interactions into perspective, and conclude by providing some information regarding positions taken on network neutrality by two organizations with which I am most familiar, the American Association of Law Libraries and the Internet Society.

What is Network Neutrality?

Network neutrality (also net neutrality, internet neutrality) is essentially a principle or concept which holds that companies providing Internet services should treat all sources of data equally and that there should be no restrictions by Internet service providers and governments on content, sites, platforms, on the kinds of equipment attached, and also no restrictions on the modes of communication allowed. See also New York Times: Times Topics discussion on Network Neutrality updated to August 12, 2010.

Google Verizon and the FCC

Critics of network neutrality have argued that some kinds of data discrimination on the Internet for some purposes, such as to guarantee quality of service, are actually highly desirable. Such divisions of opinion have resulted in large internet companies talking about creating a two-tiered Internet with a “fast lane and a slow lane”. An alternative approach has recently been presented in a joint proposal by Google and Verizon. In their proposal, Google and Verizon advocate enforcing network neutrality principles on wired communications but not on the wireless Internet. The Google/Verizon proposal also includes something they refer to as “additional differentiated online sources”. What this means appears to be an open question as noted in the following e-mail received from the New York Chapter of the Internet Society:

The break up of the FCC’s ‘secret talks’ and the publishing of
the Google/Verizon joint legislative proposal has certainly stirred up a
net neutrality hornets nest. Just what ‘differentiated services’ do they
have in mind? Is wireless really out the window?

The New York Chapter of the Internet Society has prepared a discussion regarding the Google/Verizon involvement, including a chronology with links to related documents, at "Google/Verizon Statement on Open Internet Net Neutrality" on their website. I was prepared to do some reasonably extensive research on this topic myself but thanks to the people at ISOC-NY it was unnecessary for me to do so.

Positions Taken on Network Neutrality by the American Association of Law Libraries (AALL) and the Internet Society (ISOC).

American Association of Law Libraries (AALL):

The American Association of Law Libraries is a member of the Save the Internet Coalition and the Open Internet Coalition, both of which bring together individuals, non-profit organizations, businesses and bloggers who strongly support network neutrality. AALL also maintains a Net Neutrality Issue Brief which is currently updated to June 2010.

Internet Society (ISOC)

While the Internet Society does appear to have an Official Statement (included among the Google/Verizon documents mentioned earlier) which addresses the Google/Verizon Proposal, I have been unable to determine if they have a document approved by their Board of Directors which constitutes an official position of ISOC regarding network neutrality. That does not mean, however, that ISOC has not taken positions on this subject. As an example see the ISOC paper "Open Inter-networking" (February 21, 2010) which includes a useful discussion of open network considerations including network neutrality, which it considers to be "a broad and ill-defined term that encompasses a range of policy objectives including free expression, user choice, and discrimination as well as business issues including network traffic management, pricing and overall business models." This paper also asserts that "[T]he Internet Society believes that the proper focus in this discussion [open inter-networking] is on the desired outcome: continued open inter-networking. Current debate centres on whether or how IP packets can be treated impartially".

Update as of August 26, 2010.

Since the above information was posted two additional documents useful to this discussion have come to our attention:

Access to Broadband Networks: The Net Neutrality Debate
Report No. R40616
Subjects: Telecommunications
CRS Reports, 111th Congress (8/11/2010; Posted: 8/26/2010)
SEE SUMMARY

Campbell, Robert. "Lawmakers Argue Against Adoption of Verizon-Google Net Neutrality Plan," Originally posted on Paul Weiss Rifkind Wharton & LLP website. August 20, 2010. Also on Lexology.com (viewed August 26, 2010).

In an August 20, 2010 paper posted on Lexology, "Lawmakers Argue Against Adoption of Verizon-Google Net Neutrality Plan," Patrick Campbell of Paul Weiss Rifkind Wharton & Garrison in New York reports that four Democratic members of the House Energy and Commerce Committee have written to FCC Chairman Julius Genachowski voicing their concerns with the net neutrality policy framework proposed by Verizon Communications and Google, Inc. Mr. Campbell writes: "The lawmakers claim that the agreement 'reinforces the need for resolution of the current open proceedings at the Commission to ensure the maintenance of an open Internet.' In the week since its introduction, the regulatory roadmap offered by Google and Verizon has added considerable ammunition to the debate over net neutrality that continues to intensify in the wake of the D.C. Circuit Court’s decision in the Comcast-BitTorrent case. Specifically, the companies’ plan would prohibit wireline broadband operators from selectively blocking web transmissions while exempting wireless mobile broadband providers from net neutrality regulation..."

August 16, 2010

CLLB Information Security Newsletter

Volume 3 Number 7 July 2010


PROTECTING DATA CONTAINED IN COPIERS AND PRINTERS

From the Desk of David Badertscher

What kind of data can be stored in copiers and printers?

You are probably familiar with many of the standard best practices for safeguarding your data, such as avoiding carrying unencrypted sensitive data on portable devices, using a complex password, and keeping your PC current with updated anti-virus software and security patches. However, do you realize that another important aspect of safeguarding your data means taking precautions about the information contained on printers or copiers?

Increasingly, printers, copiers and related devices come with hard drives capable of storing large volumes of information. The data you print, copy, scan, or fax may be stored on the hard drive permanently.

Recent news coverage has highlighted the fact that confidential information can be recovered from printers, copiers and similar devices after they are sent to surplus or returned to the vendor at the end of their lease. Some of the confidential information recently reported to be found on these machines included social security numbers, birth certificates, bank records, income tax forms, medical records, and pay stubs with names.

How do I keep my data secure?

Assume that any document that you printed or scanned is stored on the device. At a minimum, be aware that when you dispose of your printer, fax, copier or scanner, there may be a hard drive containing images of all of your documents. In order to properly dispose of the device, have the hard drive securely wiped before you give the device away or sell it, or if the device’s hard drive is removable, remove the drive entirely and have it securely destroyed.

Individuals and organizations should review the following recommendations for printers, copiers, scanners, and faxes:

· Settings: Configure the devices to encrypt the data, if possible.

· New Devices: Purchase/lease devices with disk encryption and immediate data overwriting capability.

· Disposal: Remove or wipe the hard drive before disposal.

· Use of Public Devices: Be cautious if using public printers/copiers/scanners/faxes for documents containing confidential information.

Additional Information:

· Identity Theft Awareness: http://www.identity-theft-awareness.com/digital-copiers.html

· Identity Theft Fixes: http://www.identitytheftfixes.com/company_copiers_and_identity_theft_--_is_your_company_at_ris.html

· CBS News - Digital Photocopiers Loaded With Secrets: http://www.cbsnews.com/stories/2010/04/19/eveningnews/main6412439.shtml

· SANS Reading Room: http://www.sans.org/reading_room/whitepapers/networkdevs/auditing-securing-multifunction-devices_1921

· Xerox: http://www.xerox.com/information-security/product/enus.html

· Canon: http://www.usa.canon.com/cusa/production/standard_display/security-main-page

· HP: http://h71028.www7.hp.com/enterprise/cache/617575-0-0-225-121.html

· Toshiba: http://www.copiers.toshiba.com/usa/security/device-security/index.html

For additional monthly cyber security newsletter tips visit: www.msisac.org/awareness/news/

The above information is from tips provided by the Multi-State Information and Analysis Center (MS-ISAC). To learn more about MS-ISAC go to http://www.msisac.org/

MORE NEWS AND INFORMATION.

Bandwidth Bandit - Symantec White Paper.

Summary:
Internet bandwidth is a finite and expensive resource; protect it from spammers, criminals, hackers, time-wasters and employee misuse. Your company’s internet link is precious. Not only is it expensive and limited but it is a vital business tool. Yet our analysis shows that companies can lose around a quarter of their internet bandwidth to employee web misuse, streaming media and spam. Imagine if you had to give up a quarter of your office space for non-work activities; it’s inconceivable. But when it comes to internet bandwidth, most companies don’t even know about the loss, let alone take steps to prevent it.

Part of the problem is that the internet is designed to continue operating even if links are busy or damaged; indeed that’s the whole point of it. This means that you probably don’t notice if your emails take longer to deliver, web pages take longer to load and internet phone and video conferences are lower quality. It all sort of works and you expect the occasional hiccup.

Download White Paper Here

Six Reasons to Worry About Cybersecurity

By William Jackson

Daily Government Computer News August 16, 2010.

The threats from increasingly professional cyber criminals, spies and hackers are evolving to address the adoption of new technologies and platforms by government and private-sector enterprises.



July 1, 2010

CLLB Information Security Newsletter

Volume 3 Number 6 June 2010

From the Desk of David Badertscher

Home Personal Computer (PC) Maintenance for Windows Operating Systems

Why do I need to maintain my home PC?

As with most types of equipment, you must perform periodic maintenance on your home PC to keep it in good operating condition. Performing maintenance will help your PC run faster, use resources more efficiently, and could save you from headaches caused by system failures and degradation. Most importantly, proper PC maintenance is crucial in order to protect your machine from security threats such as worms, viruses and other malicious activity.

How do I keep my home PC maintained?

Note: The following steps are provided to help ensure that your home PC operates effectively and securely. Most of the tips can be performed with moderate knowledge of PCs and can generally be completed in a short time. More detailed, in-depth assistance may be required in some instances, in which case you may wish to consult a qualified computer repair professional.

§ Establish and maintain a plan. Make a plan to perform periodic maintenance and put it on your calendar as a reminder. Back up critical files, system files and programs before beginning.

§ Set a System Restore Point. Before you begin your periodic maintenance or make any significant changes, set up a system restore point, which will enable recovery from any error that may occur during maintenance. To set a System Restore Point, click Start, All Programs, Accessories, System Tools, System Restore, Create a Restore Point. (For “Classic” Start Menu: click Start, Programs, Accessories, System Tools, System Restore, Create a Restore Point.)

§ Remove unnecessary files or programs. Empty your Recycle Bin and delete Windows temporary files. Remove installed programs that you no longer use. The Disk Cleanup program does all of these tasks including the deletion of unneeded Windows components. To access the Windows Disk Cleanup program, click: Start, All Programs, Accessories, System Tools, Disk Cleanup. (For “Classic” Start Menu, click: Start, Programs, Accessories, System Tools, Disk Cleanup.) In Internet Explorer, clear your history, temporary Internet files, and cookies by clicking on Tools, Internet Options and select the tab labeled “General.” Click on the Delete button under the section labeled “Browsing history.”
Finally, archive or delete old files such as documents, images and graphics that are no longer needed.

§ Optimize system performance. Configuring your PC software to operate as efficiently as possible will help your PC run faster and smoother. Organize your data files in a central folder with appropriate subfolders (do not save files in the root directory or on the desktop). This makes backup easier and can reduce fragmentation on your hard drive.

§ Run a defragment tool on your disk drive. To do so, click Start, All Programs, Accessories, System Tools, Disk Defragmenter. (For “Classic” Start Menu, click Start, Programs, Accessories, System Tools, Disk Defragmenter.)

§ Apply updates and patches. Make sure your operating system and software applications have the latest updates installed—and that the auto-update feature is enabled. Ensure that your anti-virus/anti-spyware/anti-adware software is running and receiving automatic updates. Check vendor and manufacturer websites for device driver updates, and apply patches as needed. Renew all maintenance contracts/subscriptions.

§ Perform regular backups. All critical files, as well as any information not easily replaced should be backed up. Check backup functions to ensure they are operating properly. Back up your files to a remote location (external hard drive or PC).

§ Check your firewall. Review firewall settings for product configurations. Confirm that settings are appropriate for the current level of security needed.

§ Routinely change your passwords. Routinely change all of your passwords for local applications, as well as those used for websites. Use strong passwords with at least eight characters and incorporate a mix of numbers, special characters, and upper and lower case letters.

§ Perform hardware inspections. Perform a visual check of your PC hardware to prevent potential problems before they occur. This includes examining your surge suppressor, UPS, power strip, and cables for any damage. Replace batteries as needed.

Additional Tips

· Multi-State Information Sharing and Analysis Center Cyber Security Tips Newsletter - http://www.msisac.org/awareness/news/2008-03.cfm

· Small Business Computing - http://www.smallbusinesscomputing.com/testdrive/article.php/3864116/7-Basic-Windows-PC-Maintenance-Tips.htm

· Tips4PC - http://www.tips4pc.com/articles/computer%20maintenance/computer_maintenance_checklis_tips.htm

· Sensible-Computer-Help - http://www.sensible-computer-help.com/computer-maintenance-tips.html

· Microsoft - http://www.microsoft.com/athome/setup/maintenance.aspx

For more monthly cyber security newsletter tips visit: www.msisac.org/awareness/news/

The above information is from tips provided by the Multi-State Information and Analysis Center (MS-ISAC). To learn more about MS-ISAC go to http://www.msisac.org/

MORE NEWS AND INFORMATION:

What is Information Security?
WiseGeek.com
http://www.wisegeek.com/what-is-information-security.htm

Information security is the process of protecting information. It protects its availability, privacy and integrity. Access to stored information on computer databases has increased greatly. More companies store business and individual information on computer than ever before. Much of the information stored is highly confidential and not for public viewing.

The 2010 Information Security Summit features 2 days of talks, presentations, hands-on workshops, and a vendor trade-show fair. Information Security Technology, Business/Management, Law Enforcement and Legal issues are featured.

The conference will take place October 14-15, 2010 at Corporate College East in Warrensville Heights, Ohio. Corporate College East is located at 4400 Richmond Road between Harvard and Emery Roads in Warrensville Heights. The facility is easily accessible from Interstate 271.
https://www.informationsecuritysummit.org/

Coalition Formed to Tackle Bank Account Scams
By Marcia Savage, Site Editor
SearchFinancialSecurity.com

"A coalition of banks, financial trade associations, federal regulators, and law enforcement agencies is studying a variety of best practices and technologies to thwart the criminal hijacking of accounts and other bank account scams."

http://searchfinancialsecurity.techtarget.com/news/article/0,289142,sid185_gci1515845,00.html

Demystifying Governance, Risk, Compliance
By David Schneier
Information Security Magazine June 2010
Registration required for access to full article.

GRC aims to bring together disparate compliance efforts in the enterprise, but the concept has been stymied by a lack of clarity. Developing a GRC program requires three key steps.

http://searchsecurity.techtarget.com/magazineFeature/0,296894,sid14_gci1514262,00.html

June 30, 2010

Developing an Addition to Your Blackberry in 13 Easy Steps

We recently received the following e-mail from the ABA Judicial Division and are grateful for the opportunity to share this column by Judge Dixon with you, our colleagues and friends:

Judge Herbert Dixon's technology column, Developing an Addition to Your BlackBerry in 13 Easy Steps, is available free to the general public at http://new.abanet.org/divisions/Judicial/PublicDocuments/2010SpringDixon.pdf. The Judges' Journal staff and Editorial Board have concluded that certain articles have a short shelf life and are more valuable for generating interest in the Judicial Division if they are freely available to the public rather than listing the articles for purchase. Please share the article with your colleagues and friends as a way to generate interest in the Judicial Division.

June 3, 2010

Murdoch On How to Get People to Pay for Content

In a video of an interview with his Fox Business Network, Rupert Murdoch, News Corp. Chairman, discusses what he considers the future of media and the Company's plan to charge for content. During the interview Mr. Murdoch said that in order to get people to pay for content online you simply "...turn them off. They've got to sign on. They give you their credit card number. And that's it. And then you e-mail them and say you're putting the price up or you're taking it down or whatever."

Click here to listen to the interview.

May 26, 2010

CLLB Information Security Newsletter

Volume 3 Number 5 May 2010

Identity Theft

From the Desk of David Badertscher

What is Identity Theft?

Identity theft is a crime in which your personal information such as your name, social security number, date of birth, and address is stolen and may be used by someone to assume your identity, often for the purpose of financial gain. It is also referred to as “identity fraud” when the stolen identity is used to impersonate the victim. Methods a criminal may use to steal your data over the Internet include hacking or using spam and phishing. Social media sites and file sharing can be prime targets for identity thieves, since users often make the assumption of a trusted environment, sharing personal information without understanding the consequences.

Identity theft is not just a risk for those who use the Internet. Criminals can obtain information by sorting through garbage, eavesdropping, stealing wallets, picking up receipts at restaurants, and other means.

Once enough information is gathered, criminals may open new credit card accounts, apply for loans, empty your bank accounts, make charges on your credit card, or develop fake forms of identification.

Identity thieves will not always use the information themselves. They may sell it to underground markets for financial gain.

What can I do to protect my identity?

• Ensure that any computer used to connect to the Internet has proper security measures in place. Use and maintain anti-virus software and keep your application and operating system patches up-to-date.
• Do not follow links provided by unknown or un-trusted sources.
• Do not open e-mail attachments from unknown users or suspicious e-mails from trusted sources.
• If you employ file sharing programs, check the configuration settings to ensure you are not inadvertently sharing your personal information.
• Be careful what personal information you distribute, particularly on social networking sites, and continuously check to see what information others may be posting about you. Also verify your privacy settings to ensure you are not inadvertently sharing your personal information.
• Check your credit reports from all three major credit bureaus (Equifax, Experian, and TransUnion) at least once a year. You are entitled to one free credit report from each bureau every year. You may wish to stagger your requests to check a different credit bureau every four months.
• Guard your personal information, including your social security number. Don’t carry your social security card with you, and don’t provide your social security number to anyone unless they have a legitimate need for it.
• Don’t put your social security number or driver’s license number on your checks.
• Be aware of your surroundings when providing personal information orally. Watch for eavesdroppers.
• Properly discard hard copy documents containing personal information. A crosscut paper shredder works best.

What do I do if my identity has been stolen?

The first step is to notify your bank, and any other entities with which you have accounts, to inform them that someone may be using your account fraudulently. File a report with your local police and report the event to the Federal Trade Commission. It is helpful to have your financial statements available to better explain your situation.

Contact all three major credit bureaus to request a credit report, and have a fraud alert or a credit freeze placed on your credit reports to prevent accounts from being opened without your permission.

Continue to monitor all of your accounts for any suspicious activity.

Additional Information:

• Multi-State Information Sharing and Analysis Center - www.msisac.org/webcast/02_06/info/resourses.cfm || www.msisac.org/webcast/02_06/

• Federal Trade Commission
www.ftc.gov/bcp/edu/microsites/idtheft/

• Identity Theft Resource Center
www.idtheftcenter.org/

• Test your Identity Theft Knowledge
www.idtheftcenter.org/artman2/publish/c_theft_test/index.shtml

• National Cyber Security Alliance
www.staysafeonline.org/content/protect-yourself

For more monthly cyber security newsletter tips visit: www.msisac.org/awareness/news/

The above information is from tips provided by the Multi-State Information and Analysis Center (MS-ISAC). To learn more about MS-ISAC go to http://www.msisac.org/
_______________________

MORE NEWS AND INFORMATION:

At a Technology Managers Forum on May 13, 2010 devoted to information security issues, Spencer Parker, Director of Product Management at CISCO gave a keynote presentation titled Dispelling The Myths of Cloud Security. In his presentation Mr. Parker examined the truth behind five common myths about cloud security and outlined the factors fueling its rapid growth. He also presented data from real companies utilizing the cloud, such as:

Employee time spent on Facebook applications.
Ongoing prevalence of data theft Trojans.
A look at advanced, granular reporting capabilities.

Interview with Brian Hengesbaugh, partner with Baker & McKenzie, on global security and privacy challenges

In a May 2010 interview and podcast reported by Bank Info Security.com, Brian Hengesbaugh, partner in the Chicago office of the law firm Baker & McKenzie, observes there is nothing smooth about navigating the tricky waters of data security and privacy on a global basis. Regulations vary and often conflict with one another. Click here to read the interview and link to the podcast.


February 2, 2010

CLLB Information Security Newsletter

Volume 3 Number 1 January 2010

From the Desk of David Badertscher

As we begin the new year, it’s an opportune time to assess the cyber security landscape and prepare for what new challenges may lie ahead, as well as what current threats may continue.

What Are the Cyber Trends for 2010?

· Malware, worms, and Trojan horses: These will continue to spread by email, instant messaging, malicious websites, and infected non-malicious websites. Some websites will automatically download the malware without the user’s knowledge or intervention. This is known as a “drive-by download.” Other methods will require the users to click on a link or button.

· Botnets and zombies: These threats will continue to proliferate as the attack techniques evolve and become available to a broader audience, with less technical knowledge required to launch successful attacks. Botnets designed to steal data are improving their encryption capabilities and thus becoming more difficult to detect.

· Scareware – fake/rogue security software: There are millions of different versions of malware, with hundreds more being created and used every day. This type of scam can be particularly profitable for cyber criminals -- as many users believe the pop-up warnings telling them their system is infected and are lured into downloading and paying for the special software to “protect” their system.

· Attacks on client-side software: With users keeping their operating systems patched, client-side software vulnerabilities are now an increasingly popular means of attacking systems. Client-side software includes things like Internet browsers, media players, PDF readers, etc. This software will continue to have vulnerabilities and subsequently be targeted by various malware.

· Ransom attacks occur when a user or company is hit by malware that encrypts their hard drives or they are hit with a Distributed Denial of Service (DDOS) attack. The cyber criminals then notify the user or company that if they pay a small fee, the DDOS attack will stop or the hard drive will be unencrypted. This type of attack has existed for a number of years and is now gaining in popularity.

· Social Network Attacks: Social network attacks will be one of the major sources of attacks in 2010 because of the volume of users and the amount of personal information that is posted. Users’ inherent trust in their online friends is what makes these networks a prime target. For example, users may be prompted to follow a link on someone's page, which could bring users to a malicious website.

· Cloud Computing: Cloud computing is a growing trend due to its considerable cost savings opportunities for organizations. Cloud computing refers to a type of computing that relies on sharing computing resources rather than maintaining and supporting local servers. The growing use of cloud computing will make it a prime target for attack.

· Web Applications: There continues to be a large number of websites and online applications developed with inadequate security controls. These security gaps can lead to the compromise of the site and potentially to the site’s visitors.

· Budget cuts will be a problem for security personnel and a boon to cyber criminals. With less money to update software, hire personnel and implement security controls, enterprises will be trying to do more with less. By not having up-to-date software, appropriate security controls or enough personnel to secure and monitor the networks, organizations will be more vulnerable.

What Can I Do?

The following are helpful tips to assist in minimizing risk:

· Properly configure and patch operating systems, browsers, and other software programs.

· Use and regularly update firewalls, anti-virus, and anti-spyware programs.

· Be cautious about all communications; think before you click. Use common sense when communicating with users you DO and DO NOT know.

· Do not open email or related attachments from un-trusted sources.

Additional Information:

IBM’s Top Security Trends for 2010: http://www.internetnews.com/security/article.php/3849636/

Symantec’s 'Unlucky 13' Security Trends for 2010:
http://www.internetnews.com/security/article.php/3849371

SANS Top Cyber Security Risks: http://www.sans.org/top-cyber-security-risks/

Bankinfosecurity.com article: http://www.bankinfosecurity.com/articles.php?art_id=1926

PC World: http://www.pcworld.com/article/182889/new_banking_trojan_horses_gain_polish.html

Panda Labs 2009 Annual Malware Report:
http://www.pandasecurity.com/img/enc/Annual_Report_Pandalabs_2009.pdf

The above comments are based on information tips provided by the Multi-State Information and Analysis Center (MS-ISAC). To learn more about MS-ISAC go to http://www.msisac.org/

OTHER NEWS AND VIEWS:

DARPA: Calling All Cyber Geneticists
Technology sought would develop cyber equivalent of DNA to identify cyberattackers

By Ben Bain
Jan 29, 2010
Federal Computer Week
"The Defense Advanced Research Projects Agency is looking for technologists who can think like scientists to develop and use the cyber equivalent of fingerprints or DNA to pinpoint the origins of a cyberattack...."
____________________

False sense of cybersecurity
Paul Bell
GCN Government Computer News
January 13, 2010.
Newly appointed National Cybersecurity Coordinator Howard Schmidt has a big job ahead of him. Getting individuals, businesses and government to take greater responsibility is one of three places he should start.

January 29, 2010

2009 End of Year Message from Internet Society President and CEO

Although addressed primarily to Internet Society members, the following message contains information which should be of interest to librarians, lawyers and other important stakeholders in the internet community who need to follow ongoing developments.

Dear Members, Friends, and Colleagues,

The end of 2009 is here - and what a year it has been. The Internet
Society continued to prosper in 2009, the results of our work reaching
wider and deeper than ever before. So it is a pleasure to extend my
sincere gratitude to all of you whose combined efforts, energy, and
dedication have made this such a great year.

We often use the term "Internet community" and, looking back at the
achievements of this year, it is clear that these are truly the result
of a strong, committed community pulling together around shared values
and principles.

It is impossible to list here all of the Internet Society's
achievements from such a busy and productive year, but I would like to
single out a few highlights.

Within the Enabling Access Initiative, we worked closely with Chapters
and other local and regional partners to significantly extend our
technical and policy capacity building programmes, especially in
Africa, Latin America, and the Caribbean. These efforts were aided
through a revitalized INET programme with specialized content
developed in partnership with local communities, and which reached out
successfully to hundreds of participants in each location. This work
advanced our profile and strengthened our message in many high-level
forums, such as the OECD, the World Bank, and the ITU. Access
continues to be one of the major themes in many of the Chapter and
other member projects supported by our grants programmes.

In our InterNetWorks Initiative, a number of new efforts contributed
to helping to advance the health of the Internet. ISOC continues to
project a strong voice for IPv6 deployment, so it has been pleasing to
see in 2009 that IPv6 is gathering momentum around the world. In an
exciting new development this year, ISOC launched a series of topical,
lively panel discussions during IETF meetings. The first on IPv6
deployment attracted much international attention. Together with the
subsequent panels on DNS security and bandwidth management issues,
these events have set the scene for what will be an important ongoing
activity, helping to advance the health of the Internet and promoting
the role of the IETF.

ISOC's Trust and Identity Initiative benefited from two important new
staff additions in 2009, increasing our involvement in many important
new initiatives and partnerships in both the Trust and Identity
spaces. One of the most significant is the Kantara Initiative
(formerly the Liberty Alliance), in which ISOC has developed a strong
voice and leadership role.

Throughout all of our work in 2009, we strived to promote better
understanding of the nature and importance of the Internet Model of
development and the relationships of the many organizations and
functions making up the Internet Ecosystem. These efforts have clearly
paid off and we were very pleased to see many of our messages
reflected in the words and actions of many others in regional,
national, and global discussions. In 2009, ISOC's key messages were
more frequently cited in media reports and reflected in statements by
policy makers around the world than ever before.

Additions to ISOC's staff in 2009 helped us make big strides in
producing better publications and communications resources, delivering
important information and services in more languages, and providing
much greater support for events where Chapters, Individual and
Organization Members, and others come together in support of our
common mission. The successful Sphere project continues to be an
excellent process for enabling the full potential of the Chapter
network. And we were very pleased to recently launch the first phase
of our new Association Management System as a much improved tool for
Chapter and member interaction.

This year was one of ISOC's most significant ever in terms of global
engagement. With highly visible roles in the EU, ITU, OECD, IGF, and
many other major policy and technical forums, it is clear that ISOC's
reputation as a trusted and authoritative voice on critical Internet
issues continues to grow stronger. We again were honoured to
coordinate the participation of other organizations, especially in the
Internet Technical Advisory Committee to the OECD and the Internet
Pavilion at the ITU's Telecom World 2009. At the latter event, ISOC
announced the Next Generation Leaders programme, a new activity
starting in 2010 to build on our past successes such as the Network
Training Workshops (NTW's), as well as our current work in Fellowships
to the IETF, and Ambassadorships to the IGF and other forums, adding
coursework and mentoring to help accelerate the careers of the young
practitioners who will lead the Internet into its next generation.

Finally, the Internet Society is finishing the year on a high note,
having just announced our support for the World Wide Web Consortium
(W3C), to help it evolve as a more agile, inclusive, and flexible
organization, as it creates and promotes open standards.

There is so much more I could mention here - it really has been an
extraordinary year. As 2009 draws to a close, it is important to
recognize and thank all those who contributed to such a successful
year. So, thank you to all the Individual and Organization Members,
the Chapters, and all our other supporters and partners for their
efforts and support as we worked together in pursuit of our common
goals. Thank you to our friends in the Internet Engineering Task Force
(IETF) and the Internet Architecture Board (IAB) without whose values
and work, the Internet, as we know it, would not exist. And, of
course, thank you to the ISOC staff, the ISOC Board of Trustees, the
Organization Member Advisory Council and the Public Interest Registry
(PIR), for their efforts and support. To all of you, your support is
vital to helping the Internet improve the lives of people everywhere.

Finally, I'd like to extend my very best wishes to you and your
families during the holiday season, as we couldn't do what we do
without their support. I look forward to working together with all of
you for a prosperous and successful 2010.

Warmest regards,

Lynn

Lynn St.Amour
President & CEO, Internet Society

December 22, 2009

CLLB: Information Security Newsletter

Volume 2 Number 12 December 2009.

Automatic Software Updates and Patching

From the Desk of David Badertscher

Security vulnerabilities are flaws in the software that could allow someone to potentially compromise your system. Each year, the volume of software security vulnerabilities discovered increases, and the hacking tools available to exploit these vulnerabilities become more readily available and easier to use. Vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office are prime targets of attacks on computers connected to the Internet. Recent statistics reported show that 48% of the cyber attacks identified in the second quarter of 2009 were targeted against vulnerabilities in Adobe Acrobat/Adobe Reader [1], and in October 2009 Microsoft released patches for a record number of security holes. No entity is immune to vulnerabilities, so we must ensure we understand the risks and take appropriate mitigation steps.

Why do I need to update my software?

One of the basic tenets of computer security is to update your operating system and other software installed on your computer. Software updates fix problems in the software, add functionality, and most importantly, fix vulnerabilities that impact the security of the software and subsequently your computer. These vulnerabilities can lead to your computer, and the information that resides on it, being compromised. Exploitation of vulnerabilities may occur by opening documents, viewing an email that contains malicious code or visiting a web site hosting malicious content. Seventy percent of the top 100 web sites hosted malicious content or contained a link designed to redirect users to malicious sites. [2]

What is a software patch (fix) and when should I install software patches?

Patches are often called "fixes." A patch is software that is used to correct a problem in an application (software program) or an operating system. Computer companies are continuously addressing security holes (i.e. vulnerabilities) in computer software which could be used to infect your computer with a virus, spyware or worse. When vulnerabilities are discovered, the software vendor typically issues a fix (i.e. patch) to correct the problem. This fix should be applied as soon as possible since the average time for someone to try to exploit this security hole can be as little as a few minutes. Most major software companies will periodically release patches, usually downloadable from the Internet, that correct very specific problems in their software programs.

My computer includes hundreds of software programs: which ones do I need to update and how often?

One of the challenges facing the average computer user is to know which software needs to be updated and how often. Software programs that communicate or interact with the Internet are especially susceptible to attacks and should be kept at a vendor-supported version and current on all patches.

Many software programs include a feature called “auto update.” This feature allows the computer to check for updates at periodic intervals. The software will automatically check for updates and save them to your computer. Some updates will instruct you to “reboot” your computer before the software update can be applied.

At a minimum, you should enable the auto update feature on the following products:

Anti-virus and Anti-spam signatures: anti-virus and anti-spam software requires regular updates to virus and spam signatures to remain effective. New viruses and other types of malware appear every day and the anti-virus/anti-spam vendors release new signatures on a daily basis to stay on top of the new threats.

Windows Office software: Word, Excel, Outlook, etc. (see below for updating Windows software)

Internet Browsers: e.g., Internet Explorer (Microsoft), Firefox (Mozilla), Safari (Apple) and Chrome (Google). Make sure you update any software you use for browsing the Internet.

Adobe products: e.g., Adobe Reader, Adobe Acrobat, Flash, Shockwave

Media Players: e.g., Windows Media Player (Microsoft), QuickTime (Apple), Real Player (Real Networks) and Flash Player (Adobe)

Java (Sun Microsystems): Java is software that is installed on most computers to allow users to play online games, conduct online chats, and view images in 3D, among other functions. It is also used for Intranet applications and other e-business solutions.

Other software programs that communicate or interact with the Internet, like e-mail, web servers, and remote desktop software are especially susceptible to attacks and should be kept current on patches and version levels.

It is very important to promptly download and patch your operating system and programs whenever security updates or “service packs” become available. These patches are created to protect systems against potential attacks. Be aware that attacks sometimes occur before updates are released.

How do I update my Microsoft Windows programs?

Windows Update is a Microsoft service that provides updates for the Windows operating system and other Microsoft software. Installing Windows updates, such as “service packs” and other patches, is necessary to keep your Windows system secure. To activate Windows Update, go to Settings/Control Panel/Automatic Updates. When you turn on Automatic Updates, Windows routinely checks the Windows Update web site for high-priority updates that can help protect your computer from the latest viruses and other security threats. These updates can include security updates, critical updates, and “service packs.” Depending on the setting you choose, Windows automatically downloads and installs any high-priority updates that your computer needs, or notifies you as these updates become available. Be sure to set the auto updates to daily, as patches can be released at any time.

Note: Many organizations have formal processes to patch systems that will automatically update all appropriate software. In these situations, no end user action is required.
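The Automatic Updates settings described above can also be checked with a short script. This is an added example, not part of the newsletter or the MS-ISAC tips. The registry locations and the AUOptions, NoAutoUpdate and ScheduledInstallDay values are not given on this page; they are assumed here to be the ones Windows documents for Automatic Updates and its Group Policy.

```python
import sys

# Assumed registry locations (under HKEY_LOCAL_MACHINE); not taken from the newsletter.
POLICY_KEY = r"SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"
LOCAL_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update"

def read_key(path):
    """Return the DWORD values of an HKLM key as a dict ({} if absent or not on Windows)."""
    values = {}
    if sys.platform != "win32":
        return values
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
            for i in range(winreg.QueryInfoKey(key)[1]):
                name, data, kind = winreg.EnumValue(key, i)
                if kind == winreg.REG_DWORD:
                    values[name] = data
    except OSError:
        pass  # key not present on this machine
    return values

def assess(policy, local):
    """Return (status, detail) for the effective Automatic Updates setting."""
    if policy.get("NoAutoUpdate") == 1:
        return ("FAIL", "Automatic Updates is turned off by policy")
    # Policy AUOptions 5 (or no policy value) leaves the choice to the local setting.
    source = local if policy.get("AUOptions", 5) == 5 else policy
    option = source.get("AUOptions")
    if option == 1:
        return ("FAIL", "Automatic Updates is turned off")
    if option in (2, 3):
        return ("WARN", "updates are offered but wait for the user to install them")
    if option == 4:
        day = source.get("ScheduledInstallDay")  # 0 = every day, 1-7 = one weekday
        if day == 0:
            hour = source.get("ScheduledInstallTime")
            return ("OK", "updates install automatically every day at hour %s" % hour)
        return ("WARN", "automatic install is not scheduled daily (day=%s)" % day)
    return ("UNKNOWN", "no recognised AUOptions value found")

if __name__ == "__main__":
    status, detail = assess(read_key(POLICY_KEY), read_key(LOCAL_KEY))
    print(status + ": " + detail)
```

On a machine managed by an organization's patch process, the policy key normally decides the result, which matches the note above that no end user action is required there.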

******************************

Source: 1. F-Secure
Source: 2. SC Magazine

The above comments are based on information tips provided by the Multi-State Information and Analysis Center (MS-ISAC). To learn more about MS-ISAC go to http://www.msisac.org/
__________________________________________

OTHER NEWS AND VIEWS


December 3, 2009

Voting Has Begun in the ABA Journal's Third Annual Blawg 100

I received the following letter from the ABA Journal along with a request to send it along to our readers. I urge all of you to contribute to the Blawg 100 conversation.
David Badertscher

Dear Blawgger,
As proprietor of one of the more than 2,500 blawgs in the ABA Journal's online directory, we thought you'd want to know that our annual Blawg 100 list was published today.

Now the real fun begins. We've invited our readers to vote for their favorite blogs from among the top 100 in each of 10 categories. Voting ends December 31. Winners will be featured in the February issue of the Journal.

Every year, the list has occasioned great debate about the state of the blawgosphere, terrific legal blogs that didn't make the list, and how lawyers can benefit from the news and analysis being produced online every day by their colleagues nationwide. Indeed, the debate that occurs on blawgs like yours has done as much to promote the legal profession's engagement with new media as the Blawg 100 list itself.

So we invite you to point your readers to the Blawg 100 and continue contributing to that conversation.

Thank you for the news and analysis you provide the legal community on your blog.
--Ed
________________________________
Edward A. Adams
Editor and Publisher
ABA Journal
www.ABAJournal.com